Parameters

An empty filter is not allowed. If you want to retrieve absolutely all
information for this entry, use a filter of
objectClass=*. If you know which entry types are
used on the directory server, you might use an appropriate filter such
as objectClass=inetOrgPerson.

attributes

An array of the required attributes, e.g. array("mail", "sn", "cn").
Note that the "dn" is always returned irrespective of which attributes
types are requested.

Using this parameter is much more efficient than the default action
(which is to return all attributes and their associated values).
The use of this parameter should therefore be considered good
practice.

attrsonly

Should be set to 1 if only attribute types are wanted. If set to 0
both attributes types and attribute values are fetched which is the
default behaviour.

sizelimit

Enables you to limit the count of entries fetched. Setting this to 0
means no limit.

Note:

This parameter can NOT override server-side preset sizelimit. You can
set it lower though.

Some directory server hosts will be configured to return no more than
a preset number of entries. If this occurs, the server will indicate
that it has only returned a partial results set. This also occurs if
you use this parameter to limit the count of fetched entries.

timelimit

Sets the number of seconds how long is spend on the search. Setting
this to 0 means no limit.

Note:

This parameter can NOT override server-side preset timelimit. You can
set it lower though.

deref

Specifies how aliases should be handled during the search. It can be
one of the following:

LDAP_DEREF_NEVER - (default) aliases are never
dereferenced.

LDAP_DEREF_SEARCHING - aliases should be
dereferenced during the search but not when locating the base object
of the search.

LDAP_DEREF_FINDING - aliases should be
dereferenced when locating the base object but not during the search.

If you just want to pull certain attributes from an object and you already know it's dn, the ldap_read command can do this as illustrated below. It will be less overhead than ldap_search.

The string base_dn which is normally used to set the top context for a recursive ldap_search is used slightly differently with this command. It is used to specify the actual object with the full dn. (Hopefully this saves someone else a couple hours trying this command out.)

This differs from ldap_search() by not recursing down to sub-entries. if you know the dn of the item you're looking for and only want info on that entry, use ldap_read() and pass it the full dn of the item you want.

It also seems that you'd alway want something like objectclass=* for the filter, since you're only searching on one entry.